Kaspersky Lab nails 'Find and Call' trojan bearing phone-book service

Jul 06, 2012 by Nancy Owano report

(Phys.org) -- How to lose friends and de-influence people: An app called "Find and Call" has been passing itself off as a mobile phone-book helper but has been discovered to be a Trojan which, once downloaded, has all the user’s address book contacts uploaded to a remote server where it proceeds to fire off SMS messages posing as the user. Find and Call was found both on the iOS App Store and Google Play store. Kaspersky Lab sounded the alarm on Thursday in a report from Kaspersky Lab expert Denis Maslennikov.

He said Kaspersky Lab had first been alerted to the malicious app by MegaFon, a mobile carrier in Russia, which said that there was a suspicious app sitting in both Apple’s and the Google Play store.

In sending out the text messages to contacts advertising the application, the "From" field was being spoofed with the original user's number so that the receiver of the message would assume it was from a trusted source and not spam.

Find and asks the user to sign in with an e-mail address and cell phone number. Kaspersky points out that neither field is checked for validity before moving forward. The user is asked if he or she wants to "find friends in a phone book.” If the user proceeds, the app uploads the device's address book data without telling the user.

Trojan horses are malicious files that use social engineering, true to the word origins, presenting themselves as benign and useful gifts, so that victims will want to install them on their computers.

At first, said Maslennikov, “This seemed to be an SMS worm spread via sending short messages to all contacts stored in the phone book with the URL to itself. However, our analysis of the iOS and Android versions of the same application showed that it’s not an SMS worm but a Trojan that uploads a user’s phonebook to remote server.”

Find and Call software was also found on the Google Play storefront for Android handsets. In the Google Play store, the app had more than 100 downloads and three 1-star ratings. In Apple's App Store, the app received 1.5 stars, according to reports.

The app may have primarily targeted Russian users as it used Russian language text in the app description, yet Find and Call was available in app stores across the globe. Find and Call was removed from both Apple App Store and Google Play soon after the companies became aware of the problem.

One interesting point about this malware incident is that it was found both on Apple’s iOS platform, which Apple tells the world has security at its core, and on Google’s store. While Android is often highlighted as vulnerable to miscreants because of its open platform, the Thursday report from Kaspersky Lab indicates that all major platforms are vulnerable. Android has no monopoly on malware. As both iOS and Android grow in popularity, they will be the targets of data-stealing attempts.

Apple prides itself on its strict review process, which analyses each application that is made available for download on the App Store. Somehow this app made its way through anyway. According to reports, the app actually was there for some time. It made its first appearance in the App Store on June 13, according to MacRumors.com.

After hearing about the , however, an Apple representative issued a statement: “The Find & Call app has been removed from the App Store due to its unauthorized use of users’ data, a violation of App Store guidelines.” Google also removed Find and Play.

Russian blog AppleInsider.ru was able to make contact with the developer of the app. In an e-mail, he said the spontaneous sending out of SMS messages was the result of a bug discovered in beta testing and was being repaired.

Explore further: Microsoft expands ad-free Bing search for schools

Related Stories

Yahoo! helps find smartphone 'apps'

Jun 16, 2011

Yahoo! has begun helping people navigate the sea of applications available for Apple iPhones or mobile gadgets powered by Google-backed Android software.

Android users get malware with their apps

Mar 02, 2011

(PhysOrg.com) -- As new platforms make their way into the market there will always someone who is looking to exploit them for illegal or unethical ends. More proof of that fact has come today when Google was ...

Recommended for you

Microsoft expands ad-free Bing search for schools

12 hours ago

Microsoft is expanding a program that gives schools the ability to prevent ads from appearing in search results when they use its Bing search engine. The program, launched in a pilot program earlier this year, is now available ...

Growing app industry has developers racing to keep up

Apr 20, 2014

Smartphone application developers say they are challenged by the glut of apps as well as the need to update their software to keep up with evolving phone technology, making creative pricing strategies essential to finding ...

Android gains in US, basic phones almost extinct

Apr 18, 2014

The Google Android platform grabbed the majority of mobile phones in the US market in early 2014, as consumers all but abandoned non-smartphone handsets, a survey showed Friday.

Hackathon team's GoogolPlex gives Siri extra powers

Apr 17, 2014

(Phys.org) —Four freshmen at the University of Pennsylvania have taken Apple's personal assistant Siri to behave as a graduate-level executive assistant which, when asked, is capable of adjusting the temperature ...

Microsoft CEO is driving data-culture mindset

Apr 16, 2014

(Phys.org) —Microsoft's future strategy: is all about leveraging data, from different sources, coming together using one cohesive Microsoft architecture. Microsoft CEO Satya Nadella on Tuesday, both in ...

User comments : 4

Adjust slider to filter visible comments by rank

Display comments: newest first

Shifty0x88
not rated yet Jul 06, 2012
"You cut him, you hurt him, you see, you see, he's not a machine, he's a man!" -Rocky IV

So it seems Apple has a chink in their armor
RedRapper
not rated yet Jul 06, 2012
I wonder what negative impact this will have on other apps that have names to reflect calling capabilities. Hopefully apps like ReadAndCall (which is good) don't receive unwarranted negative reactions. Many developers work hard to produce good Apps and one bad "apple" can ruin countless hours of good work.
Vendicar_Decarian
5 / 5 (1) Jul 06, 2012
Thank Gawad for the Ruskies.

Another Victory for Socialism against the free market capitalists that created the trojan.

Eikka
not rated yet Jul 07, 2012
So it seems Apple has a chink in their armor


Apple is a great follower of the principle "Let's not and say we did"

It also highlights the problem of the central repository model for software distribution. If you can't trust the shop, then where else can you go?

More news stories

Is nuclear power the only way to avoid geoengineering?

"I think one can argue that if we were to follow a strong nuclear energy pathway—as well as doing everything else that we can—then we can solve the climate problem without doing geoengineering." So says Tom Wigley, one ...

Cyber buddy is better than 'no buddy'

A Michigan State University researcher is looking to give exercise enthusiasts the extra nudge they need during a workout, and her latest research shows that a cyber buddy can help.